Skip to main content

Authenticating users

The Bravura Security Fabric Front-end supports multiple, configurable methods of authentication.

Basic configuration

By default, when you add your first target system, Bravura Security Fabric automatically configures itself to identify imported users by their ID on the target system, and to authenticate them using the password for their associated account on the target system. No additional configuration is required.

Bravura Security Fabric can also be set up to use security questions, where users type answers to personal questions. This option is only available to users after they complete their security question profiles.

Caution

Bravura Security strongly recommends configuring additional or advanced authentication factors. Relying on security questions is not safe, nor easily maintainable, so Bravura Security Fabric offers a larger set of authentication factors.

Bravura Security does not recommend security questions as an authentication factor for Bravura Privilege.

Modified configuration

You can modify the basic authentication configuration to:

Advanced configuration

Authentication chains offer the most flexible and secure authentication options. You can install components to streamline configuration.

Authentication chains allow for multiple combination of different methods, such as:

  • Password validation by integrated system. For example: Active Directory, LDAP, Mainframe, UNIX/Linux (different flavors), SAP, etc.

  • Security questions, such as pre-defined in application configuration, user-defined or loaded and validated in real time from a 3rd party system.

    Caution

    Relying on security questions is not safe, nor easily maintainable.

  • One time passwords (OTP) delivered by means of SMS or email .

    Email address and phone number values required for this authentication are typically loaded from the Source of Profiles or System or Records.

  • Hardware/software tokens , for example:

    • Bravura OneAuth

    • RSA Authentication Manager

    • Duo

    Integration with each specific token system may be implemented using the native API (such as Bravura OneAuth , RSA Authentication Manager, Duo, etc) or via RADIUS protocol .

  • Using SAML protocol against client's federated access server acting as Identity Provider (IdP), for example:

    • Okta

    • SecureAuth

Different authentication options can be chained into a Multi-Factor Authentication model, where sign-in process always requires two factors: something the user has (phone, hardware token, etc) plus something the user knows (password or security questions).

See Authentication chains Use cases for more detail descriptions.

Caution

Do not make any changes before backing up the current configuration.

In this section: